CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32650 – WordPress Accessibility Suite by Ability, Inc plugin <= 4.18 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-32650
09 Apr 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ability, Inc Accessibility Suite by Online ADA allows SQL Injection. This issue affects Accessibility Suite by Online ADA: from n/a through 4.18. The Accessibility Suite by Online ADA plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it... • https://patchstack.com/database/wordpress/plugin/online-accessibility/vulnerability/wordpress-accessibility-suite-by-ability-inc-plugin-4-17-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32215 – WordPress Accessibility Suite plugin <= 4.18 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2025-32215
07 Apr 2025 — Unrestricted Upload of File with Dangerous Type vulnerability in Ability, Inc Accessibility Suite by Online ADA allows Stored XSS. This issue affects Accessibility Suite by Online ADA: from n/a through 4.18. The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 4.18. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on th... • https://patchstack.com/database/wordpress/plugin/online-accessibility/vulnerability/wordpress-accessibility-suite-plugin-4-17-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22698 – WordPress Accessibility Suite by Ability, Inc plugin <= 4.16 - Multiple Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-22698
31 Jan 2025 — Missing Authorization vulnerability in Ability, Inc Accessibility Suite by Online ADA allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Suite by Online ADA: from n/a through 4.16. The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.17. This makes it possible for authenticated attackers, with subscriber-level access and a... • https://patchstack.com/database/wordpress/plugin/online-accessibility/vulnerability/wordpress-accessibility-suite-by-ability-inc-plugin-4-16-multiple-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •